Merge branch '1.5.x'

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerProperties.java

@@ -207,6 +207,9 @@ public class ResourceServerProperties implements Validator, BeanFactoryAware {
 	}
 
 	private void validate(ResourceServerProperties target, Errors errors) {
+		if (!StringUtils.hasText(this.clientId)) {
+			return;
+		}
 		boolean jwtConfigPresent = StringUtils.hasText(this.jwt.getKeyUri())
 				|| StringUtils.hasText(this.jwt.getKeyValue());
 		boolean jwkConfigPresent = StringUtils.hasText(this.jwk.getKeySetUri());
@@ -228,8 +231,7 @@ public class ResourceServerProperties implements Validator, BeanFactoryAware {
 								+ "JWT verifier key");
 			}
 			if (StringUtils.hasText(target.getTokenInfoUri()) && isPreferTokenInfo()) {
-				if (StringUtils.hasText(this.clientId)
-						&& !StringUtils.hasText(this.clientSecret)) {
+				if (!StringUtils.hasText(this.clientSecret)) {
 					errors.rejectValue("clientSecret", "missing.clientSecret",
 							"Missing client secret");
 				}

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/resource/ResourceServerPropertiesTests.java

@@ -55,6 +55,14 @@ public class ResourceServerPropertiesTests {
 		assertThat(jwt.get("keyUri")).isNotNull();
 	}
 
+	@Test
+	public void validateWhenClientIdNullShouldNotFail() throws Exception {
+		this.properties = new ResourceServerProperties(null, "secret");
+		setListableBeanFactory();
+		this.properties.validate(this.properties, this.errors);
+		verifyZeroInteractions(this.errors);
+	}
+
 	@Test
 	public void validateWhenBothJwtAndJwkKeyUrisPresentShouldFail() throws Exception {
 		this.properties.getJwk().setKeySetUri("http://my-auth-server/token_keys");